I know with the FMS 3.5, we can verify the swf files before it connect to the server
the purpose is get some security data from http server. But I cannot get the way to stop someone getting the data with other means.
I think if I could kown that whether the connecting application is my own app at the server side, I could choose to send the security data or not.
You could send an identifier (better if encrypted) in your request to the server.
Just to know that the request is coming from your application.
You could also change the userAgent property of the URLRequest.
if the identifier is send by my AS, others will get the method for encrypt and they can fake in themselves' programs